You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Dropbox for Business API Access token login process.
Hi There. I have an iOS apllication written in Objective-C. I have successfully integrated Dropbox API in my app and I can upload and download data from dropox even using the Access Token for it. ...
If you have a Dropbox Business API access token for an app with the "team member file access" permission and want to programmatically access a specific member's account using the Dropbox Objective-C SDK, you should use the DBTeamClient userClientWithMemberId: method. That will give you a DBUserClient you can use to access the user methods, such as listFolder. (It sets the "Dropbox-API-Select-User" header mentioned in the error message you shared.)
That would look like this:
DBTeamClient *teamClient = [[DBTeamClient alloc] initWithAccessToken:ACCESS_TOKEN]; DBUserClient *userClient = [teamClient userClientWithMemberId:memberID]; [[userClient.filesRoutes listFolder:path] setResponseBlock...
The member ID would be the team member ID (which starts with "dbmid:"). You can get those from membersList/membersListContinue, for instance.
Also, note that client-side applications, such as on iOS, can't keep secrets, such as access tokens, from a malicious user. For that reason, we don't recommend sharing/hard-coding access tokens in client-side applications. For example, in your described scenario, one team member could potentially extract the access token and use it to access another member's account.
Greg-DB
Dropbox Staff
Dropbox StaffIf you have a Dropbox Business API access token for an app with the "team member file access" permission and want to programmatically access a specific member's account using the Dropbox Objective-C SDK, you should use the DBTeamClient userClientWithMemberId: method. That will give you a DBUserClient you can use to access the user methods, such as listFolder. (It sets the "Dropbox-API-Select-User" header mentioned in the error message you shared.)
That would look like this:
DBTeamClient *teamClient = [[DBTeamClient alloc] initWithAccessToken:ACCESS_TOKEN]; DBUserClient *userClient = [teamClient userClientWithMemberId:memberID]; [[userClient.filesRoutes listFolder:path] setResponseBlock...
The member ID would be the team member ID (which starts with "dbmid:"). You can get those from membersList/membersListContinue, for instance.
Also, note that client-side applications, such as on iOS, can't keep secrets, such as access tokens, from a malicious user. For that reason, we don't recommend sharing/hard-coding access tokens in client-side applications. For example, in your described scenario, one team member could potentially extract the access token and use it to access another member's account.
Thanks Greg-DB for your inputs.
I am not clear on getting memeberID though( how to get the member id to be precise?).
Also, 1 perticular memberID give access to account of that team member correct?
But my requirement is we distribute our iOS app as enterprise within the team of our organisation. Those people are the Dropbox Team members. So, once we give them the app they should be able to login to thier account without Auth using this dropbox for Business Access token. In that case they should know thier memberID's right to access it. Is there any other way members get their memberID other than how you specified above so that they can manually enter the memberID to access their account using access token? because I believe it is not feasible to give users option in the app to select memberID.
I hope you understand my case.
Any suggestion to go ahead for my this scenario??
- Greg-DB
You can list all of the members of a team using membersList/membersListContinue. The result will contain each member's team member ID. You can also look up a specific member by email address or external ID using membersGetInfo.
A team member ID itself only identifies a particular member's account on a team. It doesn't itself give access to that member's account. You would need an access token to access an account. An access token for a "Dropbox Business API" app, such as you are using based on the output you shared previously, is for the entire Business team.
Using a Dropbox Business API access token for an app with the "team member file access" permission, you can specify the particular team member account you want to access in particular by specifying the team member ID as in the code in my previous comment. (This is the "member file access" feature documented here.)
End-users generally don't know, and don't have a way in the Dropbox UI, to access their own team member ID. This is something the Business API app should do for them (for instance, using the methods I described at the beginning of this message).
Anyway, since a Dropbox Business API access token enables access to the entire team, we don't recommend distributing it to every team member in client-side applications. It is generally meant to be used server-side, where it can be protected.
Hi Greg-DB ,
So that means using Access token for business admins account and memberID I should be able to access that members folders/directory structure similar to how I do using personal normal access token with same methods(listfolders) correct? Also, I should be able to download and update data/files to these members folders I Specify in members account right?
Also one out of the context question. Is there a way Team Admin can hide/Make other team memebers not see who all are there in their Team? I just dont want other team member to see who are there in their team when they login to their DB account on web.
- Greg-DB
Yes, whether you get a DBUserClient directly from an access token for a specific account, or from an access token for a Business team and then select the team member account as discussed above, the methods for interacting with an account (e.g., to list folders, etc.) are the same.
You can hide certain team members from the directory as covered in the help center here. Note that this won't remove those team members from the member list returned by the API itself, but you can have your app omit those members when using the API result based on TeamMemberProfile.isDirectoryRestricted
I have a similar question, But my use case is a bit different. let me explain what I am trying to do.
Once the admin has authorized the application and generated the access token. then I want my users/members to log in to their account in my application so that they can only access their data. I am using JavaScript SDK and I know there's a method `actAsUser(userId)` present in SDK for this. What I am doing is, I ask the member for their email, once they enter their email, I look up for the id using the teamMembersGetInfo method using that email. I pass the Id to 'actAsUser' method.
But there's an issue with this approach. Email id is a public thing any of the team members can put other member's email and they can act as that member.
for example: my email is zain@xyz.com. so any team member can put my email there and they can act as zain@xyz.com.
So my question is, is there some way using which I can authenticate the users?
- Greg-DB
zainulabideen No, authentication happens before the access token is retrieved, so if the client already has the access token, there isn't any further Dropbox account authentication. If you want to use the Dropbox Business API like this to connect to the entire team but let any arbitrary member use the integration, you'll need to enforce some additional layer of authentication in your own app's logic to enforce whatever access control you need. And, as above, you also shouldn't expose the access token to the client of any untrusted member.
Instead, if you want to authenticate each Dropbox user instead, you may prefer to use the Dropbox API, (e.g., with the Full Dropbox or App Folder permission) where each user authenticates and authorizes the app to access their own account only.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
